LAMP How To - Open Source At Work

Only Passion Matters

linux: clearing routing rules

I am used to the route command but I just realised the ip command is really good as well. Well, I am aware of it but I just didn’t use it because I am so used to the route, ifup and ifdown commands.

If for some reason, I can’t drop the interface,

ip link set [iface] up/down

is really cool.


Changing date/time in linux

I was working with some legacy system and it doesn’t have ntpd to keep the time accurate for me. I had to change the system time manually. Imagine I have to do it for daylight saving as well.

The system time can be changed easily using the following syntax (month, day, hour, minute, two-digit year):

date MMDDhhmmYY

The hardware clock can then be synced with the system time using:

hwclock --systohc


Enhance the security of your data by using GNUPG

Cyber crime is prevalent today and will be more so in the future. It is very common for sensitive data to be leaked to unauthorised people. This can happen electronically, with or without the user knowing it. One common example is sending plain-text passwords or important documents via email.

A good solution is to encrypt the data with proper software and specify who can view the doc. Someone may receive your doc accidentally, but since it was encrypted to the intended recipient's public key and he does not hold the matching private key, he will not be able to open the doc.

see http://en.wikipedia.org/wiki/GNU_Privacy_Guard

Implementing GPG in Linux

* Install the package

yum install gnupg

* Create your private/secret and public key

gpg --gen-key

* Import an external key from your friend who wants to send you a gpg encrypted file

gpg --import xxx.asc

* To decrypt the file

gpg -d encrypted.gpg

* To view all the keys available

gpg --list-keys

* To encrypt the file to your friend, look up the uid from the command above, then

gpg -e -r [uid] [file to encrypt]

* Once the file is encrypted, it can be distributed to the right person and only the right person with the private key can open the file.
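
The round trip described by the steps above, as an added example that is not part of the original post: it runs in two throwaway keyrings and shows that the sender, who holds only the recipient's public key, cannot decrypt the file, while the recipient can. The users alice and bob, the example.invalid address, the passphrase-less key and GnuPG 2.1 or later are assumptions of the example.

```bash
# Added example: encrypt/decrypt round trip with constructed users in throwaway keyrings.
gpg_roundtrip() {
    work=$(mktemp -d) || return 2
    bob="$work/bob"; alice="$work/alice"
    mkdir -m 700 "$bob" "$alice"
    printf 'db password: constructed-sample\n' > "$work/secret.txt"

    # Recipient (bob) creates his key pair. Empty passphrase only because this is a demo.
    gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob Demo <bob@example.invalid>' default default never \
        2>/dev/null || return 2
    # He hands out only the public half (the xxx.asc file of the import step).
    gpg --homedir "$bob" --armor --export bob@example.invalid > "$work/bob.asc"

    # Sender (alice) imports bob's public key and encrypts to it.
    # --trust-model always is a demo shortcut; in real use, confirm the key's
    # fingerprint with its owner before encrypting to it.
    gpg --homedir "$alice" --batch --quiet --import "$work/bob.asc" 2>/dev/null
    gpg --homedir "$alice" --batch --quiet --trust-model always \
        -e -r bob@example.invalid -o "$work/secret.gpg" "$work/secret.txt" \
        2>/dev/null || return 2

    # Alice has bob's public key but not his private key: decryption fails.
    gpg --homedir "$alice" --batch --quiet -d "$work/secret.gpg" >/dev/null 2>&1
    rc_sender=$?
    # Bob holds the private key: decryption succeeds.
    plain=$(gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback \
        --passphrase '' -d "$work/secret.gpg" 2>/dev/null)
    rc_recipient=$?

    # Stop the per-keyring agents and remove the throwaway keys.
    gpgconf --homedir "$bob" --kill all 2>/dev/null
    gpgconf --homedir "$alice" --kill all 2>/dev/null
    rm -rf "$work"

    [ "$rc_sender" -ne 0 ] && [ "$rc_recipient" -eq 0 ] &&
        [ "$plain" = 'db password: constructed-sample' ]
}
```

gpg_roundtrip returns 0 only when the sender's decryption attempt fails and the recipient gets the original text back.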

Implementing GPG in Windows

The windows version can be found here - http://www.gpg4win.org/

more information - http://en.wikipedia.org/wiki/Gpg4win

* download the software.
* program files -> gnupg for windows -> winPT -> generate a GnuPG Key Pair
* Right click the icon on the taskbar -> key manager
* To import a file, open key manager -> menu -> key -> import
* To encrypt the file to someone, in explorer, right click on the file -> GPGee -> encrypt (PK) -> select the right user from the list.
* Once done, attach the file in the email and the file can now only be opened by people authorised by you.


2009 CA Melbourne Expo After Thoughts

CA Expo is a one day event that provides a unique opportunity to hear the latest about CA solutions from leading Australian organisations, CA executives, and industry experts.

The agenda features case studies from leading organisations in Financial Services, Telecommunications, Government and more.

With a flexible framework of concurrent streams, delegates can attend the presentations of greatest interest to them from the following streams:

  • Governance
  • Performance Management
  • Service Management
  • Security and Compliance
  • Mainframe

The event started at 9am and finished at 5pm. I spent most of the time in the security and compliance section. I put together a few things from the day’s lecture + some of my own ideas.

The Right Attitude Towards IT

IT should be seen as a competitive weapon instead of a strain on the company resources. IT is the key to innovation that can propel the business forward.

The future of IT

  • Virtualisation
  • Ubiquitous network and devices
  • SaaS (Software as a service)
  • Cloud Computing
  • Social Networking
  • Automation

Factors for Successful IT implementation

  • Quick business decision
  • Start small and grow big.
  • Split the project up into phases and have checkpoints in between.
  • Involve customer in the project early on.
  • Keep the business rules simple.
  • Have documentation with big fonts.
  • Code loosely to allow customisation in the future.

All successful IT Teams have a vision

  • What is our vision? My suggestion - “Impress our customers with quality and speed so much so that they go berserk.”

Centos - Implementing a vpn server and client using openvpn

Instead of sshing into your home machine from anywhere, it is actually more secure and convenient to vpn instead. With vpn, you can share different subnets as well. The problem most people find is that setting up a vpn server can be complicated - well, not so with openvpn.

This tutorial is a summarised version of http://openvpn.net/howto.html

I am using CentOS 5.3 but the principle should work with any distro. The CentOS repo doesn’t have the openvpn rpm yet, so we will use the dag repo http://dag.wieers.com/rpm/FAQ.php#B. Install the repo and we are ready to go.

change to root user and install openvpn

sudo -s
yum install openvpn

get all the necessary files from the sample dir and make them executable

cd /etc/openvpn
cp -r /usr/share/doc/openvpn-xxx/easy-rsa/2.0 ./
cd 2.0
chmod u+x *

change the sample vars

vim vars    # change the parameters at the bottom of the file
source vars

now build all the necessary certificates and keys

./clean-all
./build-ca                  # when prompted with the questions, you have to explicitly enter the common name
./build-key-server server
./build-key user1           # this is the client key, you can create keys for any no. of users
./build-dh

now, setup the config file

cp keys/server.{crt,key} /etc/openvpn
cp keys/ca.crt /etc/openvpn
cp keys/dh1024.pem /etc/openvpn

cp /usr/share/doc/openvpn-xxx/sample-config-files/server.conf /etc/openvpn
cd /etc/openvpn
vim server.conf
(you might want to change the port no, protocol, subnet. You also need to change the remote name.)

Now you need to modify the firewall to accommodate whatever port you are using for the vpn. If you have selinux turned on, you also need to add your port to the openvpn port type

semanage port -a -t openvpn_port_t -p tcp_or_udp your_port_no

restart openvpn and try to connect it up with a client which we will talk about soon.

service openvpn restart

--------
Now let us try to setup a vpn client using centos and connect with the server.

In the client machine, become a root user and

yum install openvpn

copy the sample config over

cd /etc/openvpn
cp /usr/share/doc/openvpn-xxx/sample-config-files/client.conf ./

(now you need to copy the client keys from the server to this directory. Remember the /etc/openvpn/2.0/keys dir that you created in the server? You will need to get the ca.crt, user1.key, user1.crt from there. Instead of putting the config and keys in /etc/openvpn, you can put it in ~/openvpn as well but then you will need root privileges when executing the openvpn command.)

edit the config file

vim client.conf
(change the remote name, port, ca and keys path. Depending on the server settings, you might need to change the protocol as well.)

Modify firewall settings if need be. When ready for testing, start the openvpn connection

openvpn client.conf

You can also setup a windows openvpn client. The details are documented in the openvpn.net how to page as well.
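
A pre-flight check for the two config files edited above, as an added example that is not part of the original post or of OpenVPN: it compares the server's port and protocol with the client's, checks that the client private key is readable by its owner only, and flags the 1024-bit DH file this walkthrough copies. The function names, the host vpn.example.invalid and the constructed config contents are assumptions; port, proto, remote, key and dh are OpenVPN's own directives.

```bash
# Added example: consistency and permission check for a server.conf/client.conf pair.
conf_value() {   # first argument of directive $2 in config file $1 (comment lines never match)
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

check_vpn_pair() {   # usage: check_vpn_pair server.conf client.conf ; prints one line per finding
    srv=$1; cli=$2; dir=$(dirname "$cli")
    sport=$(conf_value "$srv" port)
    cport=$(awk '$1 == "remote" { print $3; exit }' "$cli")
    sproto=$(conf_value "$srv" proto); cproto=$(conf_value "$cli" proto)
    [ "$sport" = "$cport" ] || echo "port mismatch: server=$sport client=$cport"
    # tcp-server / tcp-client count as tcp
    [ "${sproto%%-*}" = "${cproto%%-*}" ] || echo "proto mismatch: server=$sproto client=$cproto"

    # The client private key must be readable by its owner only.
    key=$(conf_value "$cli" key)
    case $key in /*) ;; *) key=$dir/$key ;; esac
    if [ -f "$key" ]; then
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            echo "key readable by group/others: $key"
    else
        echo "key file missing: $key"
    fi

    # easy-rsa names the DH file after KEY_SIZE in vars; 1024-bit parameters are weak.
    case $(conf_value "$srv" dh) in
        *dh1024.pem) echo "weak DH parameters: dh1024.pem (raise KEY_SIZE, rerun ./build-dh)" ;;
    esac
}

demo_vpn_check() {   # builds constructed configs in a temp dir and checks them
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed server.conf' 'port 1194' 'proto udp' \
        'dh dh1024.pem' > "$d/server.conf"
    printf '%s\n' '# constructed client.conf' 'remote vpn.example.invalid 443' \
        'proto tcp' 'ca ca.crt' 'cert user1.crt' 'key user1.key' > "$d/client.conf"
    : > "$d/user1.key"; chmod 644 "$d/user1.key"
    check_vpn_pair "$d/server.conf" "$d/client.conf"
    rm -rf "$d"
}
```

demo_vpn_check prints four findings for the constructed pair: a port mismatch, a protocol mismatch, a key readable by others and the 1024-bit DH file.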
